Security News > 2023 > February > GoAnywhere MFT zero-day vulnerability lets hackers breach servers
The developers of the GoAnywhere MFT file transfer solution are warning customers of zero-day remote code execution vulnerability on exposed administrator consoles.
GoAnywhere is a secure web file transfer solution that allows companies to securely transfer encrypted files with their partners while keeping detailed audit logs of who accessed the files.
"A Zero-Day Remote Code Injection exploit was identified in GoAnywhere MFT," warns the GoAnywhere security advisory.
On the file system where GoAnywhere MFT is installed, edit the file " /adminroot/WEB INF/web.
BleepingComputer has identified local governments, healthcare companies, banks, energy firms, financial services companies, museums, and computer part manufacturers utilizing the GoAnywhere file transfer solution.
Even a single breach leveraging GoAnywhere MFT's zero-day flaw could leak sensitive information that could be used for extortion.
News URL
Related news
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Hackers breach US firm over Wi-Fi from Russia in 'Nearest Neighbor Attack' (source)
- RomCom hackers chained Firefox and Windows zero-days to deliver backdoor (source)
- Firefox and Windows zero-days exploited by Russian RomCom hackers (source)
- Hackers exploit ProjectSend flaw to backdoor exposed servers (source)
- New Windows Server 2012 zero-day gets free, unofficial patches (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russia-Linked Turla Exploits Pakistani Hackers' Servers to Target Afghan and Indian Entities (source)